try { user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); } catch (UsernameNotFoundException notFound) { logger.debug("User '" + username + "' not found"); if (hideUserNotFoundExceptions) { throw new BadCredentialsException(messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); } else { throw notFound; } }
然后可以通过新建一个properties来覆盖spring security默认的错误信息,security.properties内容如下:
AbstractUserDetailsAuthenticationProvider.badCredentials=用户名或密码错误
再在bean里注入:
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>security</value>
</list>
</property>
<property name="defaultEncoding" value="utf8" />
</bean>
最后在页面上就可以通过${SPRING_SECURITY_LAST_EXCEPTION.message}来获取错误信息